The IT Law Wiki

Definitions

Computer security

An audit trail (also audit log) is

[a] [c]hronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security relevant transaction from inception to final result.[1]
[a] record showing who has accessed an Information Technology (IT) system and what operations the user has performed during a given period.[2]
the results of monitoring each operation of subjects on objects; for example, an audit trail might be a record of all actions taken on a particularly sensitive file or a record of all users who viewed that file.[3]
[the] [p]rocess for recording (logging) a sequence of activities on a system; such as user log-ins and log-outs. More expansive audit trails would record each user’s activity in detail — what commands were issued to the systems, what records and files were accessed or modified, etc. Audit trails are a fundamental part of computer security, used to trace (albeit usually retrospectively) unauthorized users and uses. They can also be used to assist with information recovery in the event of a system failure.[4]

Criminal law

An audit trail is

[t]he use of audit procedures (e.g., tracking who is accessing the data or what data was accessed) combined with analysis of audit logs and follow-up for unauthorized or anomalous activity is essential for long-term system security and privacy.[5]

E-commerce

In electronic commerce, a good audit trail can help resolve programming errors and discrepancies in how a transaction is recorded by the parties to the transaction.

Overview (Computer security)

Audit trails are a fundamental part of computer security, used to trace (albeit usually retrospectively) unauthorized users and uses. They can also be used to assist with information recovery in the event of a system failure.[6]

"Audit trails may be used as either a support for regular system operations, or as a kind of insurance policy, or as both of these. As insurance, audit trails are maintained but are not used unless needed, such as after a system outage. As a support for operations, audit trails are used to help system administrators ensure that the system or resources have not been harmed by hackers, insiders, or technical problems."[7]

Electronic audit trails must provide a chain of custody for the secure electronic transaction that identifies sending location, sending entity, date and time stamp of receipt, and other measures used to ensure the integrity of the document. These audit trails must be sufficiently complete and reliable to validate the integrity of the transaction and to prove, a) that the connection between the sender and the recipient has not been tampered with, and b) how the document was controlled upon receipt.[8]
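The chain-of-custody fields named above, recorded in a tamper-evident trail, as an added example that is not taken from the cited source or from this wiki. It assumes HMAC-SHA256 chaining as the integrity measure; the function names, field names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as prev_mac of the first entry

def _mac(key: bytes, body: dict) -> str:
    # Canonical JSON so the same fields always produce the same MAC.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def append_entry(trail, key, sending_location, sending_entity, received_at, document):
    """Record one receipt; each entry's MAC also covers the previous entry's MAC."""
    body = {
        "seq": len(trail),
        "sending_location": sending_location,
        "sending_entity": sending_entity,
        "received_at": received_at,
        "document_sha256": hashlib.sha256(document).hexdigest(),
        "prev_mac": trail[-1]["mac"] if trail else GENESIS,
    }
    trail.append({**body, "mac": _mac(key, body)})
    return trail[-1]

def verify_trail(trail, key):
    """Return -1 if the trail is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        body = {k: v for k, v in entry.items() if k != "mac"}
        linked = body.get("seq") == i and body.get("prev_mac") == prev
        if not (linked and hmac.compare_digest(entry.get("mac", ""), _mac(key, body))):
            return i
        prev = entry["mac"]
    return -1

def document_matches(entry, document):
    """Check that a document presented later is the one recorded at receipt."""
    digest = hashlib.sha256(document).hexdigest()
    return hmac.compare_digest(entry["document_sha256"], digest)

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed value; a real key comes from a key store
    trail = []
    append_entry(trail, key, "gw-01.example", "Sender A", "2024-01-01T10:00:00Z", b"contract v1")
    append_entry(trail, key, "gw-02.example", "Sender B", "2024-01-01T10:05:00Z", b"contract v2")
    trail[0]["sending_entity"] = "Someone Else"  # simulate an edit made after the fact
    print("first bad entry:", verify_trail(trail, key))
```

The chain detects edits, reordering and removal of entries in the middle; removal of the most recent entries is only detectable if the latest MAC and entry count are also stored somewhere the log writer cannot change.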

References
